General

  • Target

    788e06e0c5d05c250112554074123eaa_JaffaCakes118

  • Size

    174KB

  • Sample

    240527-kl5wfaea5s

  • MD5

    788e06e0c5d05c250112554074123eaa

  • SHA1

    5b779f5258655939297db9225ea39f796e397d89

  • SHA256

    e1834f24a6c23a1cd598e6f883113eb6660f856df27c87c4db32b6ac587eb078

  • SHA512

    538a32bb5994fb3dcc049dc28d11f430bfd1e4f9630af58693a3dfeae960fde8ea4ce39cc1aa58253dbd308dbe0d0e99cbc1e009702ed4b2f1bc225430e6670b

  • SSDEEP

    3072:a6WnIAhRMlCgB2mXJmNZJuZckPBDQPi7:kbMlDwMhPBb

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://www.koziolku.pl/omgr/

    http://www.sca4christ.org/ZLkpa/

    http://www.thfpark.website/9Pjk/

    http://www.tomoguitars.pl/bEUW/

    http://www.thainhp.org/assets/gca/7QQ3F/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks